Merge pull request #41 from GTBitsOfGood/alexchen/list-partners-query

kavinphan · web-flow · commit 07230f42edad · 2025-02-20T01:52:16.000-05:00
created list partners route handler + tests
diff --git a/src/app/api/partners/route.test.ts b/src/app/api/partners/route.test.ts
@@ -0,0 +1,166 @@
+/* eslint-disable @typescript-eslint/no-explicit-any */
+//Lint gets angry when "as any" is used, but it is necessary for mocking Prisma responses using the "select" parameter (for now).
+import { testApiHandler } from "next-test-api-route-handler";
+import * as appHandler from "./route";
+import { expect, test } from "@jest/globals";
+import { dbMock } from "@/test/dbMock";
+import { invalidateSession, validateSession } from "@/test/util/authMockUtils";
+import { UserType } from "@prisma/client";
+
+test("returns 401 on invalid session", async () => {
+  await testApiHandler({
+    appHandler,
+    async test({ fetch }) {
+      // Mock invalid session
+      invalidateSession();
+      const res = await fetch({ method: "GET", body: null });
+      await expect(res.status).toBe(401);
+      await expect(res.json()).resolves.toStrictEqual({
+        message: "Session required",
+      });
+    },
+  });
+});
+
+test("returns 403 on unauthorized", async () => {
+  await testApiHandler({
+    appHandler,
+    async test({ fetch }) {
+      validateSession(UserType.PARTNER);
+      const res = await fetch({ method: "GET", body: null });
+      await expect(res.status).toBe(403);
+      await expect(res.json()).resolves.toStrictEqual({
+        message: "You are not allowed to view this",
+      });
+    },
+  });
+});
+
+test("returns 200 on authorized use by admin", async () => {
+  await testApiHandler({
+    appHandler,
+    async test({ fetch }) {
+      validateSession(UserType.ADMIN);
+      const testData = [
+        {
+          name: "Partner A",
+          email: "partner@partner.com",
+          _count: {
+            unallocatedItemRequests: 1,
+          },
+        },
+        {
+          name: "Partner B",
+          email: "partner1@partner.com",
+          _count: {
+            unallocatedItemRequests: 2,
+          },
+        },
+      ];
+      const expectedResponse = {
+        partners: [
+          {
+            name: "Partner A",
+            email: "partner@partner.com",
+            unallocatedItemRequestCount: 1,
+          },
+          {
+            name: "Partner B",
+            email: "partner1@partner.com",
+            unallocatedItemRequestCount: 2,
+          },
+        ],
+      };
+      dbMock.user.findMany.mockResolvedValue(testData as any);
+      const res = await fetch({ method: "GET", body: null });
+      await expect(res.status).toBe(200);
+      await expect(res.json()).resolves.toStrictEqual(expectedResponse);
+    },
+  });
+});
+
+test("returns 200 on authorized use by super admin", async () => {
+  await testApiHandler({
+    appHandler,
+    async test({ fetch }) {
+      validateSession(UserType.SUPER_ADMIN);
+      const testData = [
+        {
+          name: "Partner A",
+          email: "partner@partner.com",
+          _count: {
+            unallocatedItemRequests: 1,
+          },
+        },
+        {
+          name: "Partner B",
+          email: "partner1@partner.com",
+          _count: {
+            unallocatedItemRequests: 2,
+          },
+        },
+      ];
+      const expectedResponse = {
+        partners: [
+          {
+            name: "Partner A",
+            email: "partner@partner.com",
+            unallocatedItemRequestCount: 1,
+          },
+          {
+            name: "Partner B",
+            email: "partner1@partner.com",
+            unallocatedItemRequestCount: 2,
+          },
+        ],
+      };
+      dbMock.user.findMany.mockResolvedValue(testData as any);
+      const res = await fetch({ method: "GET", body: null });
+      await expect(res.status).toBe(200);
+      await expect(res.json()).resolves.toStrictEqual(expectedResponse);
+    },
+  });
+});
+
+test("returns 200 on authorized use by staff", async () => {
+  await testApiHandler({
+    appHandler,
+    async test({ fetch }) {
+      validateSession(UserType.STAFF);
+      const testData = [
+        {
+          name: "Partner A",
+          email: "partner@partner.com",
+          _count: {
+            unallocatedItemRequests: 1,
+          },
+        },
+        {
+          name: "Partner B",
+          email: "partner1@partner.com",
+          _count: {
+            unallocatedItemRequests: 2,
+          },
+        },
+      ];
+      const expectedResponse = {
+        partners: [
+          {
+            name: "Partner A",
+            email: "partner@partner.com",
+            unallocatedItemRequestCount: 1,
+          },
+          {
+            name: "Partner B",
+            email: "partner1@partner.com",
+            unallocatedItemRequestCount: 2,
+          },
+        ],
+      };
+      dbMock.user.findMany.mockResolvedValue(testData as any);
+      const res = await fetch({ method: "GET", body: null });
+      await expect(res.status).toBe(200);
+      await expect(res.json()).resolves.toStrictEqual(expectedResponse);
+    },
+  });
+});
diff --git a/src/app/api/partners/route.ts b/src/app/api/partners/route.ts
@@ -0,0 +1,52 @@
+import { auth } from "@/auth";
+import { authenticationError, authorizationError } from "@/util/responses";
+import { NextResponse } from "next/server";
+import { UserType } from "@prisma/client";
+import { db } from "@/db";
+
+interface PartnersResponse {
+  partners: {
+    name: string;
+    email: string;
+    unallocatedItemRequestCount: number;
+  }[];
+}
+
+const AUTHORIZED_USER_TYPES = [
+  UserType.STAFF,
+  UserType.ADMIN,
+  UserType.SUPER_ADMIN,
+] as UserType[];
+
+/**
+ * Retrieves a list of names, emails, and number of unallocated item requests for all partners.
+ * @returns 401 if the request is not authenticated
+ * @returns 403 if the user is not STAFF, ADMIN, or SUPER_ADMIN
+ * @returns 200 and a list of partner names, details, and unallocated item counts
+ */
+export async function GET(): Promise<NextResponse> {
+  const session = await auth();
+  if (!session?.user) return authenticationError("Session required");
+  if (!AUTHORIZED_USER_TYPES.includes(session.user.type)) {
+    return authorizationError("You are not allowed to view this");
+  }
+
+  const partners = await db.user.findMany({
+    where: { type: UserType.PARTNER },
+    select: {
+      email: true,
+      name: true,
+      _count: {
+        select: { unallocatedItemRequests: true },
+      },
+    },
+  });
+
+  return NextResponse.json({
+    partners: partners.map((partner) => ({
+      name: partner.name,
+      email: partner.email,
+      unallocatedItemRequestCount: partner._count.unallocatedItemRequests,
+    })),
+  } as PartnersResponse);
+}
